IGL-Technologies eParking.fi

Risk Summary

Successful exploitation of these vulnerabilities could enable attackers to gain unauthorized administrative control over vulnerable charging stations or disrupt charging services through denial-of-service attacks.

CVEs (4)

Remediations

• IGL-Technologies has updated eParking's OCPP servers to reduce the risks posed by the vulnerability. These updates implemented the following security controls:
• 1) Enforce modern security profiles and stronger authentication.
• 2) Device‑level whitelisting was implemented to ensure that only authorized charging units can connect.
• 3) Rate‑limiting controls prevent excessive requests and reduces DoS risk.
• 4) Enhanced automated monitoring and alerting to detection abnormal network activity.
• Devices using the encrypted deployment of eParking's OCPP servers or IGL-Technologies proprietary eTolppa protocol are not impacted by these vulnerabilities.
• To prevent this in the future IGL-Technologies will continue vulnerability monitoring under their ISO 27001:2022 security program and tighten security requirements for future third‑party OCPP hardware approvals.
• For more information please contact the IGL-Technologies security team at this email address: [email protected].

Affected Vendors

Affected Products (1)

Affected Sectors

Energy, Transportation Systems